CVE-2022-37362

7.8 HIGH

📋 TL;DR

CVE-2022-37362 is a buffer overflow vulnerability in PDF-XChange Editor's PNG file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious PNG files or visiting malicious web pages. This affects all users of vulnerable PDF-XChange Editor versions.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the PDF-XChange Editor process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration from the compromised system, with attackers using social engineering to deliver malicious PNG files.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file/website) but can be delivered via email attachments, downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Similar risk profile internally if users open malicious files from internal sources or phishing emails.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but the vulnerability itself is straightforward to trigger with crafted PNG files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Open PDF-XChange Editor.
2. Go to Help > Check for Updates.
3. Follow prompts to update to version 9.3.361.0 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable PNG file handling (Windows)

Prevent PDF-XChange Editor from processing PNG files by modifying file associations:

Control Panel > Default Programs > Set Associations > Change .png association to another application

Application sandboxing (Windows)

Run PDF-XChange Editor in restricted mode or sandboxed environment

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use endpoint protection with memory protection and exploit prevention capabilities

🔍 How to Verify

Check if Vulnerable:

Check Help > About in PDF-XChange Editor. The installation is vulnerable if the version shown is earlier than 9.3.361.0.

Check Version:

PDFXEdit.exe /version (or check Help > About in GUI)

Verify Fix Applied:

Confirm version is 9.3.361.0 or later in Help > About
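
A host-side version check for the steps above, as an added example (not from the vendor or from this advisory). It assumes the default install directories shown and that the executable's file-version resource matches the version in Help > About; `Test-PdfXChangeVersion` is a hypothetical helper name.

```powershell
# Added example: report whether PDFXEdit.exe on this host predates the fixed build.
# Assumption: default install directories; pass -Path for other locations.
param(
    [string[]]$Path = @(
        "$env:ProgramFiles\Tracker Software\PDF Editor\PDFXEdit.exe",
        "${env:ProgramFiles(x86)}\Tracker Software\PDF Editor\PDFXEdit.exe"
    )
)

$FixedVersion = [version]'9.3.361.0'   # patch version stated in this advisory

function Test-PdfXChangeVersion {
    param([string]$ExePath, [version]$Fixed)

    # Skip paths where the editor is not installed.
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) { return $null }

    $info = (Get-Item -LiteralPath $ExePath).VersionInfo
    # Build the version from the numeric fields; the FileVersion string
    # can carry extra text that [version] cannot parse.
    $found = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                            $info.FileBuildPart, $info.FilePrivatePart)

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Path       = $ExePath
        Version    = $found
        Vulnerable = ($found -lt $Fixed)   # assumption: file version tracks product version
    }
}

$results = foreach ($p in $Path) { Test-PdfXChangeVersion -ExePath $p -Fixed $FixedVersion }
$results = @($results | Where-Object { $_ })

if ($results.Count -eq 0) {
    Write-Output 'PDFXEdit.exe not found in the checked paths.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit lets a deployment or compliance tool flag the host.
    if ($results.Vulnerable -contains $true) { exit 1 }
}
```

The exit code is 1 when any checked copy is older than 9.3.361.0, which makes the script usable as a compliance check in software-deployment tooling.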

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing PNG files
  • Unexpected child processes spawned from PDF-XChange Editor

Network Indicators:

  • Outbound connections from PDF-XChange Editor to suspicious IPs
  • DNS requests for known malicious domains

SIEM Query:

(process_name="PDFXEdit.exe" AND event_id=1000) OR parent_process_name="PDFXEdit.exe"
